SOE shuts down websites, forums, and game login servers

Tokyo, May 3, 2011 – Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment LLC (SOE, the company) systems revealed yesterday morning (May 2, Tokyo time) that hackers may have stolen SOE customer information on April 16th and 17th, 2011 (PDT). SOE is based in San Diego, California, U.S.A.

This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.

On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages. The company is working with the FBI and continuing its own full investigation while working to restore all services.

Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

bank account number
customer name
account name
customer address.

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a “make good” plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.

Additionally, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.

It’s grating that non-US credit card details were being kept on a substandard database. Any compensation package is appreciated, of course, but I’d much rather just have a secure environment for my data, and that had better be what we end up with by the end of this. We had previously been told that SOE’s data had not been affected by the break in. What this means is that the hackers have had our information for two weeks already.

This whole business is incredibly unfair on the game development teams, have pretty nothing to do with any of what has gone wrong.

2nd May:
We don’t have any information other than the following:

We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday).

If you’re still in game you’re alright for now, but nobody can log in, and I’d advise against trying to change character.

1 comment to SOE shuts down websites, forums, and game login servers

“…I’d much rather just have a secure environment for my data, and that had better be what we end up with by the end of this.”

Well said, that is what I hope SOE is working hardest on. I don’t know about those outside the USA, but I’ve already placed a 90 day fraud alert with the credit companies to make it harder for anyone to use my info, which anyone can do for free. Also keeping an eye on the card I used with SOE, just to be safe.

It is a bit weird (and sad) watching all the kids freaking out about this in the various Free Realms forums. While obviously the main concern is identity and credit card theft, it is worrying that they also now have a database with a lot of information about roughly, what, 10 million+ kids from FR alone, unless most of those accounts were set up with their parent’s info? Scary!

Also, I’m amazed at how often the thought pops into my head about what will happen to the crops in my FR farm. I had a bunch of 1 and 2 day crops planted that needed harvesting yesterday. Funny how virtual crop losses was one of the first things I thought of when this happened. :)